[Samba] Replication between Samba DCs (on different sites)?

Michael Tokarev mjt at tls.msk.ru
Wed Nov 16 07:33:45 UTC 2022


Replying to my own emails and thread..

15.11.2022 00:07, Michael Tokarev via samba wrote:
> 14.11.2022 23:21, Michael Tokarev via samba wrote:
> ...
>> I tried 'samba-tool drs replicate' manually on AI, but it also shows this
>> error:
>>
>> AI# samba-tool drs replicate ai svdcp 'CN=Configuration,DC=tls,DC=msk,DC=ru'
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
>>    File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run
>>      drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
>>    File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync
>>      raise drsException("DsReplicaSync failed %s" % estr)
> 
> 
> AI# samba-tool drs replicate ai svdcp 'CN=Configuration,DC=tls,DC=msk,DC=ru' -d 10
> 
> gives some wire traces (or so it looks); it ends up looking like the remote is returning
> WERR_FILE_NOT_FOUND. And I don't see this error on the remote; all that I see the
> remote reporting in the logs is WERR_OK.

So, after recompiling samba multiple times adding numerous debugging messages
into *_DsReplicaSync and below, I found out the database on the "primary" DC
contained a few references to the objects I had to remove before, for example:

NOTE: old (due to rename or delete) DN string component for rIDSetReferences in object CN=SVDCM\0ADEL:a1a97bca-fbdf-429a-966e-cb8d71da606c,CN=Deleted Objects,DC=tls,DC=msk,DC=ru - CN=RID Set,CN=SVDCM,OU=Domain Controllers,DC=tls,DC=msk,DC=ru

(note the CN=Deleted Objects).

It was a long and painful debugging which lasted 2 complete days.

After all this, when trying to find a way to get a dump of ldb - I found
(by chance) samba-tool dbcheck.  Which found all these objects (but
displayed "0 errors" anyway).  And after removing these "Deleted Objects"
things, it started working fine.

There are just 329 objects in the db now.

So, basically, samba-tool dbcheck to the rescue at the very least,
and note that renames/deletes in samba do not quite work.

Thanks everyone for the help,

/mjt
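
Added example (not part of the original post and not Samba code): because dbcheck reported "0 errors" while still printing NOTE lines like the one quoted above, this Python script extracts those lines from saved dbcheck output and flags the ones whose source object sits under CN=Deleted Objects. The line pattern is assumed from the single message quoted in the post; the second and third sample lines are constructed.

```python
import re
import sys

# Pattern assumed from the one NOTE message quoted in the post.
NOTE_RE = re.compile(
    r"NOTE: old \(due to rename or delete\) DN string component for "
    r"(?P<attr>\S+) in object (?P<obj>.+?) - (?P<target>.+)$"
)
# Deleted-object RDN marker as it appears in that message: \0ADEL:<guid>
DEL_RE = re.compile(r"\\0ADEL:(?P<guid>[0-9a-fA-F-]{36})")

# Constructed sample: line 1 is the message from the post (unwrapped),
# lines 2 and 3 are made up for illustration.
SAMPLE = r"""
NOTE: old (due to rename or delete) DN string component for rIDSetReferences in object CN=SVDCM\0ADEL:a1a97bca-fbdf-429a-966e-cb8d71da606c,CN=Deleted Objects,DC=tls,DC=msk,DC=ru - CN=RID Set,CN=SVDCM,OU=Domain Controllers,DC=tls,DC=msk,DC=ru
NOTE: old (due to rename or delete) DN string component for member in object CN=Example Group,CN=Users,DC=example,DC=com - CN=Old Name,CN=Users,DC=example,DC=com
Checked 2 objects (0 errors)
"""


def parse_notes(text):
    """Return one dict per stale-DN NOTE line in saved dbcheck output."""
    findings = []
    for line in text.splitlines():
        m = NOTE_RE.search(line.strip())
        if not m:
            continue  # summary lines and other messages are ignored
        obj = m.group("obj")
        d = DEL_RE.search(obj)
        findings.append({
            "attribute": m.group("attr"),
            "object": obj,
            "stale_target": m.group("target"),
            # Source object itself sits in the Deleted Objects container.
            "object_deleted": bool(d) and "CN=Deleted Objects," in obj,
            "guid": d.group("guid") if d else None,
        })
    return findings


def deleted_object_guids(findings):
    """GUIDs of deleted objects that dbcheck still flagged with a stale DN."""
    return sorted({f["guid"] for f in findings if f["object_deleted"]})


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for f in parse_notes(text):
        tag = "DELETED" if f["object_deleted"] else "live"
        print(f"[{tag}] {f['attribute']}: {f['object']} -> {f['stale_target']}")
```

Lines wrapped by a terminal or mail client, as in the quoted message, need to be rejoined before parsing.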


